Afternoon all.

Small environment - 25 user Windows shop.

I built out an AD CS server on a 2025 member server.

I have another 2025 server running IIS with an internal site.

I created a CSR on this IIS server and installed the cert issued by AD CS.

I did a policy refresh on my client running Win 11 and can now see the new AD CS cert.

However my Edge browser does not trust the new IIS site.

I thought that any site certs issued by my AD CS will be trusted being that I have the AD CS root cert installed in my certificate store.

What am I missing?

Thank you